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The present invention provides a method for password enhanc- 
ing, which method comprises the steps of entering a user password 
and irreversibly encrypting the user password. Preferred embodi- 
ments of the present invention provide for more secure password 
handling, by enhancing the password. 
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IMPROVEMENTS IN AND REIA TING TO DATA COMMDNICATION 

Field of the Invention 

5 The present invention relates to data communication 

devices and methods, and to programs for executing such 
methods and carriers therefor. 

Background to the Invention 

10 

With the growth of computer networks, including the 
internet, local area networks, wide area networks and 
intranets, additional problems have been created in 
relation to computer security. In particular, the 

15 possibilities for unauthorised remote access into a 
computer (sometimes referred to as "hacking") have been 
increased. 

Hackers seeking xinauthorised access have developed 
20 various forms of software to assist in these attacks, 
including those that make multiple attempts to gain access 
through password controlled systems. Typically such 
software will try various permutations of possible 
passwords until the correct one is found. This can either 
25 be a '"dictionary" attack, restricted to known words, or a 
"brute force" attack which tries all permutations. For 
this reason, amongst others, many systems require passwords 
of a minimum lengthy but as these have to be metnorised by a 
user only a cert^iin minimum length is practicable > Thus, 
3 0 many password lengths fall in the range of 4-8 characters 
and are often everyday words for case of recollection. 
, This makes a sof tware -assisted attack on the system a real 
risk to any password protected function or data. 



wo 00/11537 



2 



PCT/GB99/02672 



It is an aim of preferred embodiments of the present 
invention to obviate or overcome at least one disadvantage 
encountered in relation to the prior art, whether referred 
to herein or otherwise. 

SummarY of the Invention 

According to the present invention in a first aspect, 
there is provided a method for password enhancing, which 
method comprises the steps of entering a user password and 
irreversibly encrypting the user password. 

Preferred embodiments of the present invention provide 
for more secure password handling, by enhancing the 
password. 

Suitably, the encryption comprises a hash operation. 

Suitably, the method comprises the additional step of 
using an encrypted first stored key (NEPKEY) to encrypt the 
irreversibly encrypted user password (HftSH) . Suitably, the 
first stored key is encrypted by a public key encryption 
algorithm. 

Suitably, the method comprises the additional step of 
decrypting an encrypted second stored key (UPEK) using the 
decrypted first stored key (NEPKEY). Suitably, the second 
stored key is encrypted by a reversible algorithm. 

Suitably, the result (HASH) of the irreversibly 
encrypted user password is encrypted using the second 
stored key (UPEK) a^ an encryption key. 
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According to the present invention in a second aspect, 
there is provided a data access method cottar ising the steps 
of producing an enhanced password according to the first 
5 aspect of the present invention, coitparing the enhanced 
password with a password associated with the data, and 
permitting access to the data only if the enhanced password 
and the data password correspond. 

10 The data to be accessed may be any type, including a 

file, an application, a data record etc. 



According to the present invention in a third aspect 
there is provided a computer program for carrying out the 
15 method of the second aspect of the present invention. 

According to the present invention in a fourth aspect, 
there is provided a carrier comprising a program according 
to the third aspect of the invention. 

20 

According to the present invention in a fifth aspect, 
there is provided a data communication system comprising an 
input device for generating a plurality of input signals 
available from a set of input signals and a character 
25 generator configured to receive an input signal and 
generate an output signal comprising a plurality of signals 
from the set of input signals in which the output signal is 
different from the signal input to the character generator. 

30 Suitably, the output signal is of a different length to 

the signal input to the character generator. More 
suitably, the output signal is longer than the signal input 
to the character generator. 
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Suitably, the system further comprises means for 
comparing the output signal with a stored password. More 
suitably, the comparison means further comprises means for 
5 outputting a signal dependent upon the correspondence of 
the output signal with the stored password. 

Suitably, the input device comprises a keyboard. 

10 Suitably, the set of available input signals cottprises 

all or part of the character set of the keyboard. 

Suitably, the system comprises a first input and a 
second input in which the character generator receives 
15 signals from the first input and does not receive signals 
from the second input. 

Suitably, the first input is a local input device such 
as a keyboard or microphone and the second input is a 
20 remote based input device typically providing signals via a 
modem connection. 

Suitably, the input signal conprises or corresponds to 
one of the set of input signals . 

25 

Suitably, the set of input signals comprises 
alphanumeric characters . 

According to the present invention in a sixth aspect, 
30 there is provided a digital computer comprising a data 
communication system according to the fifth aspect of the 
invention. 
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According to the present invention in a seventh aspect, 
there is provided a data communication method comprising 
receiving an input signal available from a set of input 
signals, generating an output signal comprising a plurality 
5 of signals from the set of available input signals, in 
which the output signal is different from the input signal.. 

Suitably, the method further comprises the step of 
repeating the operation for a plurality of input signals. 

10 

Suitably, the output signals vary in length one from 
the other. 

Suitably, the method according to the eighth aspect of 
15 the invention is modified according to the sixth aspect of 
the invention. 

Brief Description of the Drawings 

20 The present invention will now be described, by way of 

example only, with reference to the drawings that follow; 
in which: 

Figure 1 is a schematic Sunctiohal illustration of an 
25 embodiment of the present invention. 

Figure 2 is a functional flow diagram illustrating 

operation of a preferred embodiment of the present 
invention. 

30 

Figure 3 is a diagram showing how data is stored 

according to the embodiment of the present invention 
described in relation to Figure 2, 
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Figure 4 is a functional flow diagram of the operation 
of the character generating device of the present invention 
in another embodiment. 

5 

Description of the Pr eferred Embodlmetifca 

Referring to Figure 1 of the drawings that follow, 
there is shown an electronic digital computer 2, typically 
10 a personal computer ("PC") comprising a keyboard 4 
connected via a data line 6 to a processor 8. Those 
skilled in the art will appreciate that various elements 
intervene between the keyboard and processor. 

15 On the data line 6 between keyboard 4 and processor 8 

is a character generating device 10. The initials **CGD" are 
used for character generating device in this specification. 

Other input ports 12 , 14 as also shown which may for 
20 instance, be from a modem. 

The character generating device 10 is configured to 
controllably modify the output of keystrokes from keyboard 
4 to- produce additional output for password verification, 
25 until that password verification is achieved and then 
revert to normal keyboard output operation. 

The operation of the device will now be described in 
more detail with reference to Figures 2 onwards of the 
3 0 drawings that follow. 

Upon activation of the application a password is 
requested to be input and the number of characters of an 



wo 00/11537 



7 



PCT/GB99/02672 



enhanced password is set. The input is '^filtered" to 
recognise non-character codes such as CTRL and <SHIFT> so 
that these are not required in the user' s password. 

5 Referring now to Figure 2 of the drawings that follow, 

the keyboard 4, CGD 10 and a PC hard drive 16 are outlined. 
A user password (PW) is entered from keyboard 4, For 
purposes of explanation let the user password input be 
'^BOB" . The user sets the enhanced password length to, say, 
10 10 characters. t^on an <ENTER> key strike (or typically 
for a WINDOWS (Registered Trade Mark) application, clicking 
the **OK" button) the user password BOB is enhanced. 

Each CGD 10 contains a common key referred to as a 
15 NEPKEY. The CGD 10 uses a secret piablic key encryption 
algorithm with its own unique public key (the public key 
differs between CGD devices) to encrypt the NEPKEY, the 
result of which, referred to as Spk (NEPKEY) is stored on 
the PC hard drive. Thus the NEPKEY itself is not known 
20 outside of the CGD 10. 

The CGD 10 creates a User Password Enchancer Encryption 
Key, referred to as UPEK, in a function called ''GUPEK" . A 
UPEK is generated in the CGD 10 as a random number. It 
25 need not be a random number, the main recjuirement being it 
is not known outside of the CGD 10. Each CGD 10 has the 
same NEPKEY (or set of NEPKEYs as several may be used), but 
a unique UPEK (or set thereof) . 

30 GUPEK is passed the Spk (NEPKEY) to be used to encrypt a 

new UPEK, how many new UPEK's are to within the set, and 
the location of the temporary resident program that Ccm 
create UPEKs. It then passed the CGD 10 the encrypted 



wo 00/11537 



8 



PCT/GB99/02672 



NEEKEY (ie Tmepkey (UPEK) , where T is a syiranetric encryption 
algorithm) . As each new UPEK is created, according to the 
number to be generated, the C6D 10 encrypts it with the 
NEPKEY (ie Tnepkey (UPEK) ) . When it has finished, the 
5 temporary resident program is unloaded from the CGD 10. 
The CGD 10 then adds the encrypted UPEKs to one block of 
data, with a header 102 containing how many UPEKs 104a, 
104b are within the set, as shown in Figure 3 of the 
drawings that follow. The NEPKEY encrypted UPEK is saved 
10 on the hard drive . Thus the UPEK is not known outside of 
the CGD 10. The generation of the Spk (NEPKEY) and Tnepkey 
(UPEK) are carried out in the set-up stage. There may be 
several UPEKs in a CGD 10. 

15 At 100 the input user password is hashed to generate an 

output of predictable length, in this case 16 bytes. The 
primary reason for the HASH operation is to produce an 
irreversible result. 

20 In the enhanced password generation method, at 106 the 

encrypted NEPKEY is retrieved from the PC hard drive 16 and 

decrypted by the CGD 10 to obtain the NEPKEY. Next at 108 

the NEPKEY encrypted UPEK is retrieved and decrypted by the 

CGD 10 using the NEPKEY decrypted at 106 to obtain the 
25 UPEK. 

The UPEK is encrypted by the HASH output from 100 and 
an enhanced password output of desired character length 
output. This enhanced password is stored, usually in the 
30 header portion of an application or document. 

When access is sought to the application or document, 
the password enhancing application is activated and- upon a 



wo 00/11537 



9 



PCT/GB99/02672 



user password being entered it is password enhanced as set 
out above, the result being compared with the password 
stored for the application or document. This coxt^jarison is 
carried out by the application itself, not by the CGD 10 
5 that produces the enhanced password. As a modification the 
password checking can be carried out by the CGD 10 if it is 
loaded with appropriate software . 

The CGD 10 is configured so that it will only accept 
10 one user password per second. The gap between acceptable 
inputs for password enhancing can be varied to provide 
additional security, 

New NEPKEYs can be entered when required, preferably 
15 from a secure source so that the NEPKEY cannot be 
intercepted. 

The HASH operation output length can be varied as a 
matter of design device. Normally it will be 64 to 128 
20 bytes - 

This system has several advantages as set out below: 

(i) the user password is not stored on the PC so it 
25 cannot be retrieved by a hacker; 

(ii) the relationship between the keyboard input and the 
CGD output (ie the enhanced password) is such that 
there is no practical reversibility; 

30 

(iii) by only permitting one password entry every second 
or so the system substantially prevents brute force 
attacks on the password. To succeed in a brute 
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force attack a large number of permutations must be 
tried. At one entry per second the time required 
for a dictionary or brute force attack is 
unfeasible . For instance, at one million entries 
per second an six character password, with each 
character being selected from a possible 72 
character set has 139,314,069,504 possible 
combinations that would take nearly 3 8 hours to try 
by brute force. If entry were restricted to one 
entry per second, the brute force attack would take 
4417 years; and 



because of the shared NEPKEY, hot seating (i.e. the 
use of different machines by one user) can be 
accommodated even though the CGD 10 on each machine 
has a different p\iblic key. The UPEK(*s) 

associated with the particular user csin be 
transferred securely between machines by encoding 
using the NEPKEY as a key ie Tnepkey (UPEK) . It is 
noted that neither the NEPKEY { s ) nor the UPEK ( s ) 
are seen or inspectable in plain (ie unencrypted) 
text outside of the secure CGD 10. 

If desired new NEPKEYs can be downloaded into the CGD 
25 10 using a security protocol, 

A further embodiment of the present invention will now 
be described with reference to Figure 4 of the drawings 
that follow. 

30 

From a mode 200 in which the PC 2 is operating 
normally, an access is requested either to functions or 
data, the PC checks 202 to determine whether the function 



(iv) 

15 
20 
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or data (say a file) is password protected. If not, the 
"NO" branch is followed and normal operation resvimes with 
access permitted. If the function or data is password 
protected, the "YES" branch is followed and a suitable 
5 password is requested 204 and the character generating 
device is configured 206 to output additional characters 
according to a predetermined scheme. 

Then, as each keystroke of the password is input 208 
10 the signal is received by the device 10 and a corresponding 
longer output is generated 210. Thus, by way of example, 
if the keystroke "F" is entered, the device may output 
"P7TTWR0"- The actual output is substantially immaterial 
so long as it is in accordance with a predetermined 
15 relationship between the input key and output sequence from 
the device 10. 

The system then determines if the .password input is 
finished 212. This may be by detecting the input of a 

20 < ENTER > key, the length of input or some other 
characteristic . If the input is not finished, the system 
rec[uires a further input keystroke. If t the . input is 
finished, the "YES" branch is followed and the input 
password is cpttqpared with a password in memory 214. If the 

25 password is correct, the "YES" branch is followed, the 
character generator is configured 216 so input passes 
normally access to the function or data is permitted and 
normal operation resumed. If. the password is incorrect, 
the "NO" branch is followed auid access is denied 218. 

30 

Instead of access being denied on the first entry of an 
incorrect password, several attenqpts can be permitted, but 
normally not an tinlimited number. 
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In addition to access being defined upon entry of 
incorrect password, additional alarm functions may be 
actuated. 

The original password may also be input using this 
method and device. The user need never Icnow or be 
concerned with the longer version of their password. 

Accordingly, using the present invention it is possible 
for a user to remember a relatively short password, say 
"FRED" but for the processor to require validation of a 
much longer password which may or may not include the 
original password elements. By way of example, keyboard 
keystrokes of "FRED" at the password request stage may 
generate: P7aTWR0X3NR?B2aR88CI9CcAB. 

So, a password input keystroke of four characters 
generates a twenty-six character long password for 
verification. 

The device and system is configured so that remote 
access to the PC 2 is not via the device 10 so that such 
remote access requires entry df the full (longer) password 
required by the processor . Accordingly, protection from 
external hacking is enhanced. 

The present invention can be embodied in hardware 
and/or software. Typically, in a hardware embodiment the 
device is located in a keyboard. 

The "passwords" referred to herein may be of any -signal 
or combination of signals and need not be "words" at all. 
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While the present embodiment has been described for use 
on a PC, it will be appreciated that the present invention 
can equally be put into effect on other platforms, devices 
5 or equipment. 

The reader's attention is directed to all papers 
and documents which are filed concurrently with or previous 
to this specification in connection with this application 
10 and which are open to public inspection with this 
specification, and the contents of all such papers and 
documents are incorporated herein by reference. 

XLl of the features disclosed in this specification 
is (including any accompanying claims, abstract and drawings), 
and/or all of the steps of any method or process so 
disclosed, may be combined in any combination, except 
combinations where at least some of such features and/or 
steps are mutually exclusive. 

20 

Each feature disclosed in this specification (including 
any accompanying claims, abstract and drawings) , may be 
replaced by alternative features serving the same, 
equivalent or similar purpose, unless expressly stated 
25 otherwise. Thus, unless expressly stated otherwise, each 
feature disclosed is one example only of a generic series 
of equivalent or similar features. 

The invention is not restricted to the details of the 
30 foregoing embodiment ( s ) . The invention extends to any 
novel one, or any novel combination, of the features 
disclosed in this specification (including any accompanying 
claims, abstract and drawings), or to any novel one, or any 
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novel combination, of the steps of any method or process so 
disclosed. 
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Claims 

1. A method for password enhancing, which method coirprises 
the steps of entering a user password and irreversibly 
encrypting the user password. 

2. A method according to claim 1, in which the encryption 
comprises a hash operation . 

3. A method according to claim 1 or claim 2, in which the 
method comprises the additional step of using an encrypted 
first stored key (NEPKEY) to encrypt the irreversibly 
encrypted user password (HASH) . 

4. A method according to claim 3, in which the first 
stored key is encrypted by a public key encryption 
algorithm. 

5. A method according to claim 3 or claim 4, in which the 
method comprises the additional step of decrypting an 
encrypted second stored key (UPEK) using the decrypted 
first stored key (NEPKEY) . 

6. A method according to claim 5, in which the second 
stored key is encrypted by a reversible algorithm. 

7. A method according to claim 5 or claim S, in which the 
result (HASH) of the irreversibly encrypted user password 
is encrypted using the second stored key (UPEK) as an 
encryption key. 

8. A data access method comprising the steps of producing 
an enhanced password according to any one of claims 1 to 7, 
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comparing the enhanced password with a password associated 
with the data, and permitting access to the data only if 
the enhanced password and the data password correspond. 

9. A computer program for carrying out the method of claim 
8 . 

10. A carrier comprising a program according to claim 9. 

11. A data communication system comprising an input device 
for generating a plurality of input signals available from 
a set of input signals and a character generator configured 
to receive an input signal and generate an output signal 
comprising a plurality of signals from the set of input 
signals in which the output signal is different from the 
signal input to the character generator. 

12. A data communication system according to claim 11, in 
which the output signal is of a different length to the 
signal input to the character generator. 

13. A data communication system according to claim 12, in 
which the output signal is longer than the signal input to 
the character generator. 

14. A data communication system according to any one of 
claims 11 to 13, in which the system further comprises 
means for comparing the output signal with a stored 
password . 

15. A data communication system according to claim 14, in 
which the comparison means further comprises means for 



wo 00/11537 



17 



PCT/GB99/02672 



output ting a signal dependent upon the* correspondence of 
the output signal with the stored password. 

16 . A data cotnmunication system according to any one of 
5 claims 11 to 15 7 in which the input device conprises a 

keyboard . 

17. A data communication system according to claim 16, in 
which the set of available input signals comprises all or 

10 part of the character set of the keyboard. 

18- A data communication system according to any one of 
claims 11 to 17, in which the system con^rises a first 
input and a second input in which the character generator 
15 receives signals from the first input and does not receive 
signals from the second input. 

19. A data commxinication system according to claim 18, in 
which the first input is a local input device such as a 

20 keyboard or microphone and the second input is a remote 
based input device typically providing signals via a modem 
connection. 

20. A data communication system according to claim 19, in 
25 which the input signal cotqprises or corresponds to one of 

the set of input signals. 

21. A data communication system according to claim 20, in 
which the set of input signals comprises alphanumeric 

30 characters. 

22 . A digital computer comprising a data communication 
system according to any one of claims 11 to 21. 
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23 . A data communication method comprising receiving an 
input signal available from a set of input signals, 
generating an output signal comprising a plurality of 

5 signals from the set of available input signals, in which 
the output signal is different from the input signal. 

24. A method according to claim 23, in which the method 
further comprises the step of repeating the operation for a 

10 plurality of input signals. 



25. A method according to claim 23 or claim 24, in which 
the output signals vary in length one from the other. 
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